News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Someone hacked my forum.

Started by MESWEB, July 22, 2014, 03:21:33 PM

Previous topic - Next topic

MESWEB

Quote from: Kindred on July 22, 2014, 04:38:52 PM
especially if you are running your own server...
I don't have own server. I pay for it.

Quote from: Kindred on July 22, 2014, 04:38:52 PM
Reset it how?
I'd like to know.
Maybe this is clue:
Quote[22/Jul/2014:18:06:09 +0200] "GET /deleteme.chafko0u.php HTTP/1.0" 200 1397 "-" "Installatron Plugin/9.1.4"

Quote from: Kindred on July 22, 2014, 04:38:52 PM
also, information is the key word here...
what SMF version?
What is your URL?
Who is your host (or do you actually run the server out of your house?)
What mods are you running?
Are you running anything else on that server other than SMF?
1 - 2.0.8
2 - obeznany.pl
3 - I don't know
4 - SA Facebook 2.0.2
2. Mobile Device Detect 0.2.2
3. Simple Audio Video Embedder 2.5.1
4. Add Avatar To Who Is Online Version 1.2
5. EU Cookie 1.0
6. Best Answer Intergration 1.4
7. Ad Managment 3.2
8. URL Popup 1.0.2
9. Default Avatar 2.3
10. Optimus Brave 1.8.7
11. SMF 2.0.8 Update 1.0
12. IMG Popup 1.0.2
13. SimplePortal 2.3.5
14. reCAPTCHA for SMF 0.9.9
15. SA Facebook - spolszczenie UTF8 1.0
16. OS & Browser Detection 1.6
17. Custom fields and filters of post 1.1
18. Highslide Image Viewer 1.7
19. Topic Rating Bar 0.8.1
20. Piwik Analytics 1.0.2
21. post_time 1.0
22. Loading For SMF 1.0
23. Google Analytics Code 1.4
24. NiceTooltips 1.8
25. SimplePortal - Polish

5 - Yes other 2 sites

Ninja ZX-10RR

@Kindred
Yes for sure I have an issue with the poster but Sir if he posts AGAIN like that can I just point that out? There was K@ already pointing it out and I was doing it at the same time. Sure I won't post anymore in his topics but it's ugly anyway to see staff people being treated as slaves. No one has that right on any forum, it's simply not right.
I can't report all topics though, even if you know I did many reports for stuff that has been closed right after or else. If I just had to report it well sorry but I wanted to notify him that he wouldn't have had anymore replies from me, for such attitude. Showing no respect for no one is not a good thing, to me.
Moral is: sorry if I should have just reported him and not also posted. I did. But now I think there is someone to be blamed more than me IMHO xD
If you feel like being treated as a slave and still help then do it but I don't think many people will follow you in that ;) also being treated as a slave and being PM makes quite a bad impression to users, IMHO, again.
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

Irisado

Flavio - just use the report to moderator button.
Soñando con una playa donde brilla el sol, un arco iris ilumina el cielo, y el mar espejea iridescentemente

Kindred

I see that I am not being clear now...

When I said "rest it how" what I actually meant is...   What do you mean he reset your forum?
What are the symptoms? We can look into the how it was accomplished, but I am asking, right now, what was actually done... Because "reset my forum" is not actually descriptive at all...

You don't know who your host is?
Who do you pay for your server?

And whether you lay for the server or not, I have to assume that you are paying for an unmanaged server?  If so, everything that I said above remains true. People who don't understand servers should pay for managed servers, which allows them access to direct help from the host.  If you are paying for assistance from your host, then you really should be following up with them...

And yes... That liv entry indicates that something was loaded and run on your site. The question is... How did he get that file uploaded to your site, I. Order to have it there to run? And this is a how question which you will need to figure out.
A good bet would be to find out when that file was uploaded...  You found the run command for the file, find the log entry that resulted in that file getting  loaded in the first place...    And also, those deleteme files are usually just the front door... They run, installing one or more back doors buried deep in your directories and then get deleted so you don't notice...

What is being run on your other two sites?
And how are they segregated from your forum site? What kind of firewall do you have between the sites?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Bigguy

I think what he is meaning is someone hacked his host and did a re-install of SMF through the auto script. Not sure though.

Kindred

yeah... it could mean that...   but it's hard to tell, and apparently, the original poster believes that we have the mind reading script finished and installed. (note: we do not... and would not tell you if we did, because the NSA is listening. :P)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

@rjen

Installatron is a service your host provides for easy Installation and updates of standard SMF.

Once installed the service obviously has access to you forum for updates. I belive you can configure it at your host to do automatic updates or not. This service is not a part of SMF. My guess is that you need to take this up with your host...they have supplied the services.
Running SMF 2.1 with latest TinyPortal at www.fjr-club.nl

Chalky

Ahh, well if the host's installer has automatically updated SMF that could account for all manner of problems, including loss of customisations and data - like a full factory reset.  SMF is not meant to be updated that way.  Doing it yourself really isn't difficult or time-consuming.

@rjen

Quote from: MESWEB on July 22, 2014, 04:28:53 PM
I found something strange. I notice entering to my site from:
QuoteAmsterdam, Noord-Holland, Nederland, host name Installatron

Why Installatron are reset my file? I install SMF from Installatron couple months ago.
Now I need to close access from Installatron. What I need to do? Install clean version of SMF manually?

And by the way, If I understand Installatron correctly it also automatically creates a full backup prior to update.

So I am guessing:
1. Go to your host admin panel and restore that backup
2. Go to your host Installatron admin panel and SWITCH OFF automatic updates...

Have fun...
Running SMF 2.1 with latest TinyPortal at www.fjr-club.nl

MESWEB

Quote from: @rjen on July 23, 2014, 05:50:01 AM
Quote from: MESWEB on July 22, 2014, 04:28:53 PM
I found something strange. I notice entering to my site from:
QuoteAmsterdam, Noord-Holland, Nederland, host name Installatron

Why Installatron are reset my file? I install SMF from Installatron couple months ago.
Now I need to close access from Installatron. What I need to do? Install clean version of SMF manually?

And by the way, If I understand Installatron correctly it also automatically creates a full backup prior to update.

So I am guessing:
1. Go to your host admin panel and restore that backup
2. Go to your host Installatron admin panel and SWITCH OFF automatic updates...

Have fun...

Many thanks. You are Genius. I think this is a bug of Installatron app. Installatron found yesterday update to 2.0.8 (long time from official update). So now i turn off auto update from Installatron.

Nolt

First of all MESWEB you shouldn't insult any other people that they hacked your forum without any proofs, logs etc. If you really didn't know exact what happen with your forum try to search and ask what could break your forum.

You got an anserw in polish SMF community forum and here what software broke your forum. I think you should apologize some folks here right? :)

peterwaalker

What should i change webmasters email from server settings to?
I receive a lot of mails in my primary yahoomail account as i used it in the Webmasters email address.

Relyana

Dear peterwaalker - kindly open your own support topic to address your query :)

MESWEB -abusing the report to moderator function will only force us to take further actions such us increasing moderation of your posts and some more. Please pay attention to whatever you say and do in here.

Topic locked!

Advertisement: